Using CAPTCHA for
I have broken down this program as simply
as possible. The basic idea is to use a directory of images (not
web readable) to be called into a form using a standard HTML IMG
TAG. When the user requests the image, the image name and users
IP are written to a temporary file that will later be compared to
the form submission text to verify that the user is indeed a
human being or at least a monkey that can read.
See how the DEMO CAPTCHA works for
The nice part is that you will not need to
install any modules and it can be run from any server that
supports perl. Although I really have no clue about windows
servers, its written for unix, if it works on windows great, if
not, Oh well! If you program on windows, you should be able to
make the adjustments relatively easily.
You will need 2 perl programs provided and
one page with the form. The form can be delived from any static
or dynamic page. To insure 100% compatability, a dynamic page
will be needed.
captcha.cgi will deliver the images to a page called by using a
standard image tag <img src="captcha.cgi">. This
program should stand on its own and will not need to be added to
any existing programs.
check-captcha.cgi will take the form input and compare it to the
image that was displayed. This will be the code you want to
integrate into your program for form validation.
form.cgi is included to provide a working solution as well
as an html form that will also work. However, when using the html
form you will need to create a dynamic querry string for the
for example: <img src="captcha.cgi?randomnumber">
By changing the querry string represented
by "randomnumber" you will insure that older browsers
will load a new image each time the page is accessed.
Older browsers cache one image as the only
image to be displayed. By using the form.cgi the random number
can be printed right to the page by the program. Of course any
dynamic page like asp, jsp and so on could easily do the same
thing. It will also confuse the hell out of the scammers who
think the random string has some relationship to the text on the
If you are using shtml or server parsed
pages you can use the time function to create a dynamic number
for the cgi with:
<!--#echo var="DATE_LOCAL" -->">
The program is as simplifed as possible.
The error and response messages are simple and clear. You will
obviously want to replace the messages with your own. The words
will make sense to a programer but you do not want to tell a user
"no file found to verify input".
The programs only serve as a sample of
working code. But with the image files, they should be enough for
any hacker to knock out a very secure and simple CAPTCHA system
for their programs.
Program - How I came up
with the idea and the theory behind it.
Installation - How to install the demo program and get it
the Files -
complete files including 1000 images.
Limitations - Program limitations.
Advantages - Advantages of this program over
other techniques, besides the fact that this program is absolutly
image sets -
Here are a few additional image sets some are clear and easy to
read, others are seemingly ocr proof. We hope to set up a utility
here to allow anyone to generate their own images in any quantity,
but setting that up will take time that is not currently
available. If we get lots of requests, it will likley be added.
We would like to see if anyone is interested before spending the
time setting it up. So for now we have just made a few sets of
1000 images each to get people started.
NOTICE: We always appreciate any link backs
to our sites, especially this one which is very new. I have not
added any links in the programs to save everyone the time of
removing them. But we would like to make this program as well as
many more, freely available to anyone looking for great perl
solutions. So don't hesitate to add a link on your website to our
User Notes - Here are some ideas and feedback from people that
have installed the program and offered some additional ideas and